For those wondering about still needing to sign in to the browser or cloud service, this is where something like a smartcard, keyfob, or other physical authentication device would come in handy. They are unappealing in today's world of separate accounts on every site, but under this scheme (when paired with a quality account recovery service) it makes a lot more sense.
I'm curious about how we would prevent a malicious (or temporarily hacked) web site from showing a specially crafted sign-in page to the browser, and having the browser send along your private information to the wrong place without you every noticing. It seems... exploitable.
Also: captchas are not appealing to me for this. But I reference my first point: combine it with a hardware security key, and maybe the hardware key allows you to bypass the captcha.

Perhaps you've seen this recent XKCD about password choice? It prompted a spirited debate – even on our very own Security Stack Exchange – about the merits of the argument presented there. Now, to be clear, I'm completely on Randall's side here; I'm all for passphrases over passwords, and I...